Security News

Add 'writing malware' to the list of things generative AI is not very good at doing
2023-08-18 00:39

Analysis: Despite the hype around criminals using ChatGPT and various other large language models to ease the chore of writing malware, it seems this generative AI technology isn't terribly good at helping with that kind of work. In two reports published this week, Trend Micro and Google's Mandiant weigh in on the buzzy AI tech, and both reach the same conclusion: internet fiends are interested in using generative AI for nefarious purposes, though in reality, usage remains limited.

Massive 400,000 proxy botnet built with stealthy malware infections
2023-08-16 15:31

Researchers have uncovered a massive campaign that delivered proxy server apps to at least 400,000 Windows systems. Some proxy companies sell access to residential proxies and offer monetary rewards to users who agree to share their bandwidth.

Raccoon Stealer malware returns with new stealthier version
2023-08-15 17:24

The developers of the Raccoon Stealer information-stealing malware have ended their 6-month hiatus from hacker forums to promote a new 2.3.0 version of the malware to cyber criminals. In a new post to a hacker forum first spotted by VX-Underground, the malware's current authors informed the cybercriminal community that they're back, having spent their time "working tirelessly" to bring them new features that will enrich the user experience.

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report
2023-08-15 12:15

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling against the double-pronged threat of attacks from both nation-states and the criminal underground.

Gigabud RAT Android Banking Malware Targets Institutions Across Countries
2023-08-15 10:15

Gigabud RAT was first documented by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. While Android devices have the "Install from Unknown Sources" setting disabled by default as a security measure to prevent the installation of apps from untrusted sources, the operating system allows other apps installed on the device, such as web browsers, email clients, file managers, and messaging apps, to request the "REQUEST_INSTALL_PACKAGES" permission.

Over 100K hacking forums accounts exposed by info-stealing malware
2023-08-14 19:22

Researchers discovered 120,000 infected systems that contained credentials for cybercrime forums. Analyzing the data, threat researchers found that the passwords used for logging into hacking forums were generally stronger than those for government websites.

New Financial Malware 'JanelaRAT' Targets Latin American Users
2023-08-14 10:25

Users in Latin America are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "abuses DLL side-loading techniques from legitimate sources to evade endpoint detection."

Police seize LOLEK bulletproof service for hosting malware
2023-08-11 15:59

A bulletproof hosting provider is a hosting company that turns a blind eye to reports of criminal activity or the hosting of copyrighted material on their servers. Cybercriminals prefer these types of hosting providers over traditional companies, as they can launch cybercrime campaigns without fear that they will be shut down after malicious activity is reported.

New SystemBC Malware Variant Targets Southern African Power Company
2023-08-11 09:40

An unknown threat actor has been linked to a cyber attack on a power generation company in South Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. The use of SystemBC as a conduit for ransomware attacks has been documented in the past.

Threat intelligence’s key role in mitigating malware threats
2023-08-11 04:00

Malware, being one of the most prevalent and pervasive initial threat vectors, continues to adapt and become more sophisticated, according to OPSWAT. Threat actors leverage malware as an initial foothold to infiltrate targeted infrastructures and move laterally to gain long-term access, cause damage, or exfiltrate data and trade secrets.